Ok, so while I was out on my bike this morning, Mrs BOAS decided to do an online shop. She claims she Googled Tescos, clicked on a link and all hell broke loose! Apparently the screen started flashing a message and an alarm sounded.
She said there was a message telling her to call Microsoft helpline and there was a number on the screen.
Which she called.
Apparently, according to the man from “Microsoft” (who answered the phone fairly swiftly), our IP address had been used nearly 4,000 times to access child pornography!!!111!1 The ‘expert’ then said he needed access to the laptop to check a few things with it and remove a Trojan that had enabled our IP address to be hacked.
Which she granted.
The “Man from Microsoft” then tried to sell her some anti-virus software (£199 for 2 years - bargain!)
This was when she decided that things might not be quite right and decided to terminate the call.
So the laptop is off, as is the WiFi.
What needs to be done now? I was going to start the laptop in safe mode and run a Defender scan etc. I’m not especially worried about the laptop, it’s the other 30-odd devices we have on the same WiFi network.
Should I reset/rename/re-password the WiFi? Should I also run virus checks on other PCs etc?
I guess we ought to also change passwords on the sites she may have visited on that laptop - especially if there are card details held on the site.
Any advice gratefully received.
At least I have something to do while the footy is on…….
It should just be the laptop that's affected.
I think the first thing to do if you think the data on your laptop has been accessed is notify your bank (and update your bank login info),
then I'd change any email account passwords to prevent password recoveries from your other accounts (assuming they’ve not already changed the passwords for you).
I'd only be worrying about the laptop. Basically a scam to either get access to it and/or get £199 from you. If there's nothing on there you need to save I'd wipe it and do a clean Windows install.
Yeah unlikely to be risk beyond the laptop (and your spouse 😬)
I have spent many, many hours over many years removing trojans. My advice today would be to wipe it and rebuild.
... then create her a regular user (non-admin) account
I'd be more worried about my wife if she fell for that. I'd also be asking what she was really Googling, then again maybe not. Maybe she needs a non-administrator account?
Wipe it, fresh Windows install and change all online passwords asap if they are in any way stored on that laptop.
Sounds like a scam to me. It's pretty common for "microsoft" or some other company to have scammers set up a dummy site/phone number to take advantage of people. I've experienced something similar before with the flashing and alarm bells. It ended up being nothing and didn't affect performance or anything else as far as I could tell. You can do a computer reset to a date before it happened if you saved a restore point. If you're really concerned about it, you can do a factory reset and get it back to where it was when you first got it (assuming there's nothing on there you want to keep, but I think you can reset it and still keep files).
If she continued using the laptop after the call it may have logged keystrokes for any passwords/usernames etc she entered.
As per the others though, I would just back up any photos and documents and then tell Windows to do a fresh install and choose the slow/full format option. It might also be wise to check the recovery partition (often D drive) first, you might be able to sort it by last updated files to see if anything has been hidden in there as that won't be deleted during a fresh install of Windows.
And then as 'good housekeeping' get your wife to check if she can/has enabled 2 factor authentication on everything she can (i.e. eBay, Facebook).
Cougar
I have spent many, many hours over many years removing trojans. My advice today would be to wipe it and rebuild.
This.
My sister got clobbered. Her ex husband was a banking employee, network guy. He plainly left her vulnerable.
Her PC was locked by the “Microsoft” scammer she gave remote access to and she then paid quite a big bitcoin ransom to get back in.
Luckily they did unlock it.
Apparently they don’t always.
Having taken the money I guess they could have just disappeared! Honour amongst thieves?
Seems you were perhaps lucky, but get 1Password and redo ALL your passwords with long passwords, mixtures of letters (upper and lower case), symbols and numbers (1Password generates them for you then enters them on desktop and phone so no need to type them in). Be sure to never use a pw for more than one account.
Hope it works out ok.
I think I'd definitely want to know what was in the search history.😁
Good luck sorting op.
I'd be starting it in safe mode to recover any data, then flatten it and start again if you can. If it's an older laptop that you can actually open and can get the drive out then shoving it in a caddy and extracting the data that way is even safer. Your method of starting in safe mode and removing the trojan is likely to be ok but you'll never be 100% sure. Flattening it will make you comfortable.
Thanks folks. That’s put my mind at rest.
Flattening it will make you comfortable
Or at the very least relieve stress!
What's the best way to flatten a computer?
What’s the best way to flatten a computer?
Create a USB installer on a known clean PC, boot from it.
Is 'flatten' jargon? Have not heard that one, was assuming auto correct getting it wrong on swipe mobile keyboard!
I suppose it is, I'd never really considered it before. It's a very common term in tech circles, I assumed it was in general parlance but perhaps not.
I’d also add that as access has been given to the PC it’s possible that ransomware that can encrypt data files has been installed.
When rebuilding the PC I’d wipe the data files too & restore them from your backups.
It’s quite often that data ransomware does not make itself known until some time after the initial attack.